• The Transactions of the Korea Information Processing Society
• /
• v.5 no.3
• /
• pp.763-773
• /
• 1998

본논문은 TCP/IP를 사용하는 기존의 LAN상에 이동 호스트들이 셀의 형태로 덧붙여진 환경에서 이동 호스트와 고정 호스트간의 지속적인 세션을 지원하는 개선된 IP 체계인 SIMIP을 제안하였다. 이동형 프로토콜 설계시 라우팅 최적화가 매우 중요한 항목이고 이는 이동 호스트의 위치정보 관리방법과 직접적인 관계가 있다. 기존의 아이비엠과 마쓰시다 제안은 이를 집중화하였으며 콜롬비아와 소니제안은 이를 분산화하였다. MH 위치정보를 집중화하면 트라이앵글 문제로 인해 최적의 라우팅 경로를 지원할 수 없으며 집중화된 라우터의 실패 발생시는 위험도가 매우 크다. 반면에 분산화하면 위의 문제들은 해결되지만 캡슐화되는 주소를 찾기위해 CACH 또는 AMT와 같은 복잡한 기법이 요구된다. SIMIP은 MH위치정보를 DMR에 집중화하였으나 DMR 실패 발생시는 복수의 GMR중에서 하나가 자동적으로 DMR로 대체되어 위험도를 최소화시켰고, 'DMR 경로변경'에 의해 최적의 라우팅 경로를 지원하였다는 점에서 다른 제안들과 차이가 있다. 이동에 따른 주소변경을 해결하기 위해 가상네트워크 기법을 적용하였고, 이동 호스트로의 데이터 송신시 디폴트 라우팅 개념을 이용하였고, 이동라우터간 터널링에 IPIP 캡슐화를 사용하였다. SIMIP은 다른 제안에 비해 실용성있고, 신뢰성이 강하며, 구현이 용이하므로 산업계에서 활용가치가 있으리라본다.

• Proceedings of the Korea Water Resources Association Conference
• /
• 2022.05a
• /
• pp.422-422
• /
• 2022

최근 기후변화와 도시화 등의 영향으로 인해 전 지구적으로 홍수 피해의 규모와 홍수발생 빈도가 증가하고 있다. 특히, 전 세계 인구의 약 50% 이상이 거주하고 있는 연안지역의 홍수피해 위험성은 급격히 증가하고 있는 추세이며, 각 국가는 홍수 피해를 저감하고 예방하기 위한 노력을 지속적으로 기울이고 있다. 본 연구에서는 연안지역의 감조하천을 대상으로 홍수 예경보 의사결정기법을 개발하고자 하였다. 이를 위해 감조하천에서 관측된 수위는 조석에 의한 수위(조석 성분), 파고에 의한 수위(파고 성분), 강우에 의한 수위(강우-유출 성분), 그리고 잡음에 의한 수위(잡음 성분)의 4가지 수문 성분으로 구성되어 있다고 정의하였고, 감조하천의 예측 강우 성분에 해당하는 예측 수위를 추정하기 위해 수위-유량 관계 곡선식을 개발하고자 하였다. 또한 각 수문 성분별 위기 경보 단계를 설정하고, Bayesian Network를 활용하여 수문 성분들의 위험을 종합적으로 고려할 수 있는 홍수 예·경보 의사결정 기법을 개발하였다. 3가지 난수 발생 방법에 따라 Bayesian Network 모형을 통해 다양한 수문 조건에 따른 조건부 확률을 산정하였으며, 정확도 검토를 수행한 결과 F-1 Socre가 25.1%, 63.5% 및 82.3%의 정확도를 보였다. 향후 본 연구에서 제시한 방법론을 활용한다면 기상청에서 제공하고 있는 예측 강우 및 GRM 모형을 통해 유출량을 산정하고, 이를 예측 수위로 변환하여 연안 지역의 홍수 위험도 매트릭스를 통해 홍수 예·경보에 대한 의사결정을 수행할 수 있을 것으로 판단된다.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.17 no.2
• /
• pp.703-711
• /
• 2016

IDS (Intrusion Detection System) is used to detect network attacks through network data analysis. The system requires a high accuracy and detection rate, and low false alarm rate. In addition, the system uses a range of techniques, such as expert system, data mining, and state transition analysis to analyze the network data. The purpose of this study was to compare the performance of two data mining methods for detecting network attacks. They are Support Vector Machine (SVM) and a neural network called Forward Additive Neural Network (FANN). The well-known KDD Cup 99 training and test data set were used to compare the performance of the two algorithms. The accuracy, detection rate, and false alarm rate were calculated. The FANN showed a slightly higher false alarm rate than the SVM, but showed a much higher accuracy and detection rate than the SVM. Considering that treating a real attack as a normal message is much riskier than treating a normal message as an attack, it is concluded that the FANN is more effective in intrusion detection than the SVM.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.35 no.4B
• /
• pp.566-575
• /
• 2010

In recent, artificial immune system has become an important research direction in the anomaly detection of networks. The conventional artificial immune systems are usually based on the negative selection that is one of the computational models of self/nonself discrimination. A main problem with self and non-self discrimination is the determination of the frontier between self and non-self. It causes false positive and false negative which are wrong detections. Therefore, additional functions are needed in order to detect potential anomaly while identifying abnormal behavior from analogous symptoms. In this paper, we design novel network attack detection and response schemes based on artificial immune system, and evaluate the performance of the proposed schemes. We firstly generate detector set and design detection and response modules through adopting the interaction between dendritic cells and T-cells. With the sequence of buffer occupancy, a set of detectors is generated by negative selection. The detection module detects the network anomaly with a set of detectors and generates alarm signal to the response module. In order to reduce wrong detections, we also utilize the fuzzy number theory that infers the degree of threat. The degree of threat is calculated by monitoring the number of alarm signals and the intensity of alarm occurrence. The response module sends the control signal to attackers to limit the attack traffic.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.33 no.3C
• /
• pp.281-292
• /
• 2008

A main application of sensor networks are to monitor and to send information about a possibly hostile environment to a powerful base station connected to a wired network. To conserve power from each sensor, intermediate network nodes should aggregate results from individual sensors. However, it can make it that a single compromised sensor can render the network useless, or worse, mislead the operator into trusting a false reading. In this paper, we propose a protocol to give us a key aggregation mechanism that intermediate network nodes could aggregate data more safely. The proposed protocol is more helpful at multi-tier network architecture in secure sessions established between sensor nodes and gateways. From simulation study, we compare the amount of the energy consumption overhead, the time of key transmission and the ratio of of key process between the proposed method and LHA-SP. The simulation result of proposed protocol is low 3.5% a lord of energy consumption than LHA-SP, the time of key transmission and the ration of key process is get improved result of each 0.3% and 0.6% than LHA-SP.

• Journal of the Korea Convergence Society
• /
• v.10 no.12
• /
• pp.17-22
• /
• 2019

Network attack analysis and visualization methods using network traffic session data detect network anomalies by visualizing the sender's and receiver's IP addresses and the relationship between them. The traffic flow is a critical feature in detecting anomalies, but simply visualizing the source and destination IP addresses symmetrically from up-down or left-right would become a problematic factor for the analysis. Also, there is a risk of losing timely security situation when designing a visualization interface without considering the temporal characteristics of time-series traffic sessions. In this paper, we propose a visualization interface and analysis method that visualizes time-series traffic data by using the radial axis, divide IP addresses into network and host portions which then projects on the cylindrical coordinate system that could effectively monitor network attacks. The proposed method has the advantage of intuitively recognizing network attacks and identifying attack activity over time.

• Convergence Security Journal
• /
• v.13 no.2
• /
• pp.85-93
• /
• 2013

Today, the structure of terrorist organizations in the form of a variety of network complexity are evolving. However, terrorist organization not combining randomly generated network but preferential attachment a network. So, it's research should be preceded a better understanding about the characteristics and type of terror network for a effective counter-terrorism policy of law enforcement. In addition, the appropriate response strategy have to technique establish in an era of smart media. In particular, homegrown terrorist attacks on unspecified people without boundaries of countries and regions unlike the traditional terrorism. Also, homegrown terrorism are violence and criminal activity by new various of religion, politics, philosophy. Besides the extreme members of homegrown terror networks went grow up through the evolutionary process in the age of smart media. Law enforcement agencies must identify the terrorist network at the national level. Therefore, terror networks evolving in the online space, forming a radical homegrown terror organizations have access to the network. Intelligence community track terrorist networks and to block the negative aspects of the smart media outlets should be considered.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.15 no.3
• /
• pp.605-612
• /
• 2011

Recently, cyber attacks against public communications networks are getting more complicated and varied. Moreover, in some cases, one country could make systematic attacks at a national level against another country to steal its confidential information and intellectual property. Therefore, the issue of cyber attacks is now regarded as a new major threat to national security. The conventional way of operating individual information security systems such as IDS and IPS may not be sufficient to cope with those attacks committed by highly-motivated attackers with significant resources. In this paper, we discuss the technologies and standard trends about actual cyber threat and response methods, design the collaborative response framework based on the security information sharing in the inter-domain environments. The computation method of network threat level based on the collaborative response framework is proposed. The network threats are be quickly detected and real-time response can be executed using the proposed computation method.

• Convergence Security Journal
• /
• v.13 no.4
• /
• pp.11-17
• /
• 2013

All u-Health system has security vulnerabilities. This vulnerability locally(local) or network(network) is on the potential risk. Smart environment of health information technology, Ad-hoc networking, wireless communication environments, u-health are major factor to increase the security vulnerability. u-health care information systems user terminal domain interval, interval public network infrastructure, networking section, the intranet are divided into sections. Health information systems by separating domain specific reason to assess vulnerability vulnerability countermeasure for each domain are different. u-Healthcare System 5 layers of security risk assessment system for domain-specific security vulnerability diagnosis system designed to take the security measures are needed. If you use this proposed model that has been conducted so far vaguely USN-based health information network security vulnerabilities diagnostic measures can be done more systematically provide a model.

• Journal of Korean Tunnelling and Underground Space Association
• /
• v.18 no.5
• /
• pp.453-467
• /
• 2016

Overall risks that can occur in a shield TBM tunnelling are studied in this paper. Both the potential risk events that may occur during tunnel construction and their causes are identified, and the causal relationship between causes and events is obtained in a systematic way. Risk impact analysis is performed for the potential risk events and ways to mitigate the risks are summarized. Literature surveys as well as interviews with experts were made for this purpose. The potential risk events are classified into eight categories: cuttability reduction, collapse of a tunnel face, ground surface settlement and upheaval, spurts of slurry on the ground, incapability of mucking and excavation, and water leakage. The causes of these risks are categorized into three areas: geological, design and construction management factors. Bayesian Networks (BN) were established to systematically assess a causal relationship between causes and events. The risk impact analysis was performed to evaluate a risk response level by adopting an Analytic Hierarchy Process (AHP) with the consideration of the downtime and cost of measures. Based on the result of the risk impact analysis, the risk events are divided into four risk response levels and these levels are verified by comparing with the actual occurrences of risk events. Measures to mitigate the potential risk events during the design and/or construction stages are also proposed. Result of this research will be of the help to the designers and contractors of TBM tunnelling projects in identifying the potential risks and for preparing a systematic risk management through the evaluation of the risk response level and the migration methods in the design and construction stage.